View Reports for Office 365 Advanced Threat Protection
Advanced threat protection refers to a category of cloud-based email filtering services that defend against sophisticated malware or hacking-based attacks targeting sensitive data.
If your organization has Office 365 Advanced Threat Protection (ATP) and you have the necessary permissions, you can use multiple ATP reports in the Security & Compliance Center. (Go to Reports > Dashboard.)
Threat Protection Status report
The Threat Protection Status report is a single view that brings together information about malicious content and malicious email detected and blocked by Exchange Online Protection (EOP) and Office 365 ATP. This report is useful for observing detections over time (up to 90 days), and it enables security administrators to identify trends or determine whether adjustments have been made in policies.
The Threat Protection Status report provides an overall count of unique email messages with malicious content, such as files or website addresses (URLs), that were blocked by the anti-malware engines.
The Threat Protection Status report is available to customers who have an Office 365 ATP plan or an Exchange Online Protection (EOP) plan. However, the information shown in the report for ATP customers will likely differ from the data seen by EOP customers. For example:
The Threat Protection Status report for ATP customers will contain information about malicious files found in SharePoint Online and OneDrive. Such information is specific to ATP, so customers who have EOP but not ATP will not see those details in their Threat Protection Status report.
To view the Threat Protection Status report in the Security & Compliance Center:
Go to Reports > Dashboard > Threat Protection Status.
To get a detailed status for a day, hover over the graph.
By default, the Threat Protection Status report shows data for the last seven days. However, you can choose a filter to view data up to 90 days and change the date range. (If you are using a trial subscription, you may be limited to 30 days of data.)
You can also use View Data from the menu to change the information displayed in the report.
ATP File Types report
The ATP File Types report shows you the types of files that ATP Safe Attachments detected as malicious.
To view this report, in the Security & Compliance Center, go to Reports > Dashboard > ATP File Types.
When you hover over a particular day, you can see a breakdown of the types of malicious files detected in Office 365 by ATP Safe Attachments and Anti-Spam as well as Anti-Malware Protection.
ATP Message Disposition report
The ATP Message Disposition report shows you the actions that were taken for email messages found to have malicious content.
To see this report, in the Security & Compliance Center, go to Reports > Dashboard > ATP Message Disposition.
When you hover over a bar in the chart, you can see what action was taken for the email you searched for that day.
What permissions are required to view the ATP reports?
To view and use the reports described in this article, you must have an appropriate role for both the Security & Compliance Center and the Exchange Admin Center.
For the Security & Compliance Center, you must have one of the following roles:
Security Administrator (this can be assigned in the Azure Active Directory admin center, https://aad.portal.azure.com)
For Exchange Online, you must have one of the following roles assigned in the Exchange Admin Center (https://outlook.office365.com/ecp):
View-only Organization Management
View-Only Recipients role